The use of remote browsers has increased exponentially over the last few years, but why are individuals and organizations using a remote browser? What is driving adoption of the remote browser isolation model and what are the different use cases for the technology?
Most remote browser early adopters I speak to tell me exactly the same thing at first, they tell me that they want to physically isolate themselves from web based malware when surfing the internet. While this may seem like the obvious use case for remote browsers, it's a generalized reason and almost everyone has a much more granular motivation for wanting to physically isolate their web browsing activity.
So Why Do They Use Remote Browsers?
The following use cases are all real-world examples that I have taken from conversations with our customers, real WEBGAP users. I will not be naming names for obvious reasons, but I am able to share with you some of their stories and, hopefully, shed a little light into why individuals and organizations are adopting the remote browser isolation model and discuss its different use cases.
Physical isolation from malware is not the only reason driving remote browser adoption, users are also worried about their privacy, their anonymity and being able to access the geographically restricted websites that they want to access.
The remote browser use cases that I see are varied. Some privacy focused users are concerned about being profiled and sold to when they surf the internet and larger organizations want to supplement the efforts of their web gateways by isolating the websites that cannot be categorized by their threat analysis tools. Then there are users who are completely focused on anonymous and obfuscated web browsing; they want to browse to websites and not be identified, and these users are typically fraud teams or investigators.
Remote browsers also make an excellent replacement for a VPN that would normally be used to access geographically restricted websites, in this use case think about Chinese users who leverage remote browsing as a way of browsing through the Great Firewall of China. Unlike VPN services which can easily be detected and blocked, remote browsers traffic looks just like generic traffic and easily slips through the censors filters.
My Top Five Remote Browser Use Case Groups
If I had to categorize remote browser isolation use cases into five groups, I would label them as follows:
Remote Browser Use Case Groups
- The Risk Outsourcers
- The Privacy Minded
- The Filter Hoppers
- The Detectives
- The Infosec Actors
Read on to find out the characteristics of these colorfully named groups and learn about the granular motivations of these user groups which make them perfect remote browser isolation use cases.
The Risk Outsourcers
This group typically has one primary use case, to outsource as much cyber risk out of their internal IT infrastructure as they can. They typically want to supplement their web gateways with an isolation capability and want to shift the risks of their users browsing away from their networks. For this group frequent browser based cyber attacks on their organizations are a reality and they understand that by leveraging browser isolation they can shut down the most common infiltration point on their networks.
The Privacy Minded
The more privacy minded amongst us value the privacy aspects of the remote browser model, they understand that by using a cloud hosted remote browser they can surf the internet without being tracked and profiled by advertisers or anyone else gathering data on them. You can expect this group to be regular VPN users who see remote browsers as the next logical step to secure, private browsing where they can not be tracked as they browse. This group has nothing to hide, they just do not want to be watched.
The Filter Hoppers
I mentioned this use case earlier, Chinese citizens use remote browsers to bypass the censorship restrictions that they face, they use them because VPNs in China can easily be identified and are frequently disconnected as they use them. They are not the only group looking to get around filters though, there are others who work for corporations where social media websites are blocked and expatriates outside of their home countries, they use remote browsers to access the locally and geographically restricted content.
Fraud investigators, journalists and detectives who investigate organized crime groups are a notoriously paranoid bunch, they like to surf the internet in a completely anonymous fashion, ideally using various technical obsfucation methods like multiple egress points, customizable browser headers and residential IP addresses. When investigating fraudulent websites, suspicious characters, dangerous organizations or cybercriminals it is wise to conceal your location and identity as much as you possibly can.
The Infosec Actors
The information security space is both large and varied, its particpants come from a wide range of different backgrounds, but what they have in common is a deep distrust of strange links and a natural suspicion of odd looking websites. Most information security professionals I know practice isolation in some way, usually in multiple ways and they are increasingly using remote browsers as a way of quickly isolating websites or links that they do not trust, they also like to use them when gathering open source intelligence (OSINT).
Not everyone Fits Into A Category
This is by no means an all encompassing categorization of all remote browser isolation use cases, these are just the five most obvious user groups that come to mind whenever I am asked the questions "why do people use remote browsers". I wanted to give you a general overview of the primary reasons why individuals and organizations adopt remote browser isolation. There are lots of remote browser users out there who just want to supplement their existing endpoint protection (usually anti-virus and a firewall) with something that can properly isolate them from the risks they face when they browse the public internet.
The remote browser market is so large and expanding so rapidly that you hear different use cases each and every day, that being said and despite the apparent differences between the different use case groups who want to adopt a browser isolation model, their motivations are almost always the same on the surface. It doesn't matter if they are a solo entrepreneur, a consumer, the owner of a small business, or the CISO of a large enterprise, they all have exactly the same problem that they are trying to solve.
They do not trust their existing security tools to keep them safe and are working towards physically isolating themselves, their devices and their own networks from the public internet.
Like the things we write? Follow @WEBGAP on Twitter for more!